Botan 2.19.1
Crypto and TLS for C&
tiger.cpp
Go to the documentation of this file.
1/*
2* Tiger
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/tiger.h>
9#include <botan/loadstor.h>
10#include <botan/exceptn.h>
11
12namespace Botan {
13
14std::unique_ptr<HashFunction> Tiger::copy_state() const
15 {
16 return std::unique_ptr<HashFunction>(new Tiger(*this));
17 }
18
19namespace {
20
21/*
22* Tiger Mixing Function
23*/
24inline void mix(secure_vector<uint64_t>& X)
25 {
26 X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5;
27 X[1] ^= X[0];
28 X[2] += X[1];
29 X[3] -= X[2] ^ ((~X[1]) << 19);
30 X[4] ^= X[3];
31 X[5] += X[4];
32 X[6] -= X[5] ^ ((~X[4]) >> 23);
33 X[7] ^= X[6];
34
35 X[0] += X[7];
36 X[1] -= X[0] ^ ((~X[7]) << 19);
37 X[2] ^= X[1];
38 X[3] += X[2];
39 X[4] -= X[3] ^ ((~X[2]) >> 23);
40 X[5] ^= X[4];
41 X[6] += X[5];
42 X[7] -= X[6] ^ 0x0123456789ABCDEF;
43 }
44
45}
46
47/*
48* Tiger Compression Function
49*/
50void Tiger::compress_n(const uint8_t input[], size_t blocks)
51 {
52 uint64_t A = m_digest[0], B = m_digest[1], C = m_digest[2];
53
54 for(size_t i = 0; i != blocks; ++i)
55 {
56 load_le(m_X.data(), input, m_X.size());
57
58 pass(A, B, C, m_X, 5); mix(m_X);
59 pass(C, A, B, m_X, 7); mix(m_X);
60 pass(B, C, A, m_X, 9);
61
62 for(size_t j = 3; j != m_passes; ++j)
63 {
64 mix(m_X);
65 pass(A, B, C, m_X, 9);
66 uint64_t T = A; A = C; C = B; B = T;
67 }
68
69 A = (m_digest[0] ^= A);
70 B = m_digest[1] = B - m_digest[1];
71 C = (m_digest[2] += C);
72
73 input += hash_block_size();
74 }
75 }
76
77/*
78* Copy out the digest
79*/
80void Tiger::copy_out(uint8_t output[])
81 {
82 copy_out_vec_le(output, output_length(), m_digest);
83 }
84
85/*
86* Tiger Pass
87*/
88void Tiger::pass(uint64_t& A, uint64_t& B, uint64_t& C,
89 const secure_vector<uint64_t>& X,
90 uint8_t mul)
91 {
92 C ^= X[0];
93 A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
94 SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
95 B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
96 SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
97 B *= mul;
98
99 A ^= X[1];
100 B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
101 SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
102 C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
103 SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
104 C *= mul;
105
106 B ^= X[2];
107 C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
108 SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
109 A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
110 SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
111 A *= mul;
112
113 C ^= X[3];
114 A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
115 SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
116 B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
117 SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
118 B *= mul;
119
120 A ^= X[4];
121 B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
122 SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
123 C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
124 SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
125 C *= mul;
126
127 B ^= X[5];
128 C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
129 SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
130 A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
131 SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
132 A *= mul;
133
134 C ^= X[6];
135 A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
136 SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
137 B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
138 SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
139 B *= mul;
140
141 A ^= X[7];
142 B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
143 SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
144 C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
145 SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
146 C *= mul;
147 }
148
149/*
150* Clear memory of sensitive data
151*/
153 {
155 zeroise(m_X);
156 m_digest[0] = 0x0123456789ABCDEF;
157 m_digest[1] = 0xFEDCBA9876543210;
158 m_digest[2] = 0xF096A5B4C3B2E187;
159 }
160
161/*
162* Return the name of this type
163*/
164std::string Tiger::name() const
165 {
166 return "Tiger(" + std::to_string(output_length()) + "," +
167 std::to_string(m_passes) + ")";
168 }
169
170/*
171* Tiger Constructor
172*/
173Tiger::Tiger(size_t hash_len, size_t passes) :
174 MDx_HashFunction(64, false, false),
175 m_X(8),
176 m_digest(3),
177 m_hash_len(hash_len),
178 m_passes(passes)
179 {
180 if(output_length() != 16 && output_length() != 20 && output_length() != 24)
181 throw Invalid_Argument("Tiger: Illegal hash output size: " +
183
184 if(passes < 3)
185 throw Invalid_Argument("Tiger: Invalid number of passes: "
186 + std::to_string(passes));
187 clear();
188 }
189
190}
size_t hash_block_size() const override final
Definition: mdx_hash.h:35
void clear() override
Definition: mdx_hash.cpp:41
std::unique_ptr< HashFunction > copy_state() const override
Definition: tiger.cpp:14
size_t output_length() const override
Definition: tiger.h:24
std::string name() const override
Definition: tiger.cpp:164
Tiger(size_t out_size=24, size_t passes=3)
Definition: tiger.cpp:173
void clear() override
Definition: tiger.cpp:152
fe T
Definition: ge.cpp:37
fe X
Definition: ge.cpp:27
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
Definition: alg_id.cpp:13
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:117
void copy_out_vec_le(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:694
T load_le(const uint8_t in[], size_t off)
Definition: loadstor.h:123
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:41
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65